Ring Spends The Week Collecting Data On Trick-Or-Treating Kids And Being An Attack Vector For Home WiFi Networks

from the going-to-have-to-mark-this-'needs-improvement' dept

Nothing owns like a self-own. And Ring -- Amazon's doorbell surveillance project -- is so into self-abuse, it's almost kinky. It's a DOM when it picks up another submissive law enforcement partner (400+ at last count, so maybe get tested if you install a doorbell without protection). Any other time, it seems to be a relentlessly cheery masochist. Hopefully it's deriving some pleasure from the endless negative news cycles. Maybe 95% market share heals all wounds.

Ring is putting the "creep" back in the phrase "surveillance creep." While there's some value to keeping an eye on your front doorstep when you're expecting an expensive delivery, the downside is Ring might be letting cops know you've got a camera on your house. What it won't be letting you know is that it will part with your footage at the drop of a subpoena.

If you're not eyeballing your neighbors by proxy, you're not living right. That's the message of the Neighbors app, which is pushed by Ring and cops alike. Breaking down "sharing" barriers is the first step toward bypassing the warrant process. Ring is the grease and the wheel.

The pushback against Ring's law enforcement adoption offensive has had minimal effect on the company. It continues undeterred, even as it attempts to explain both its lack of interest in adding facial recognition software to its doorbells and its retention of a facial recognition division head. It's things like this that make one believe the public's opinion ultimately doesn't matter, not if Ring can convince enough cop shops to start pushing its offerings on the public.

Ring is back in the news again. And, again, it's not because it did anything right. Or competently.

First, Buzzfeed reports the doorbell company is as tone deaf as it is dominant in its market sector. What Ring thinks is cute and fun is actually just very, very creepy.

In a company blog and series of Instagram stories, posted Monday and Tuesday, the company showed that it collects, stores, and analyzes sensitive data about how, when, and where people use its doorbell cameras. Ring said that nationwide, its doorbell cameras were activated 15.8 million times on Halloween. The company makes several other types of surveillance cameras in addition to its doorbell camera.

As it has on other occasions, like Super Bowl Sunday, Ring turned Halloween into a marketing opportunity. As reported by Mashable, Ring circulated videos of children on Halloween on Twitter. Ring also promoted Halloween-themed skins to decorate doorbell cameras on its company blogs and Instagram. However, in promoting itself as a family-friendly company, Ring showed that it collects user data on a granular level.

Friends, neighbors, visitors… children -- nothing but data and footage to be used to promote Ring's version of everyday life in the United States. The information a Ring doorbell collects belongs to Ring, not its customers. And if it belongs to Ring, it can be had without a warrant in most cases. Ring knows how often customers' doorbells ring. It says it anonymizes this data, but first you have to trust that it actually did what it said it did. And then you have to believe anonymizing data actually anonymizes it, which it kind of doesn't.

But trading trick-or-treating kids for social media impressions isn't the only headline Ring made this past week. It also showed it's not immune to the IoT curse: connected "smart' things tend to be attack vectors. And if they're not actually being attacked, they're just giving info away to whoever wants it.

A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.

Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.

“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”

While this method requires a hacker to be near the doorbell or on the targeted WiFi network in order to intercept the credentials, this doesn't mean exploitation is only a crime of opportunity. As Bitdefender noted, hackers could flood the device with de-authentication messages which would kick the doorbell off the network. When Ring users try to reconnect their doorbell to their network, hackers could jump in and grab the credentials as they sail by in plaintext.

The good news is this issue has been fixed. The bad news is this is the second time Ring's doorbells have been caught handing out WiFi credentials. At least last time, malicious hackers needed physical access to the doorbell. The last misstep allowed hackers to stay in their cars.

The further bad news is Ring is still Ring and mainly interested in turning doorbells in spy cams that can be easily accessed by its hundreds of law enforcement "partners." It has never expressed any sincere desire to protect the privacy of its users. As far as it's concerned, every camera is just another eye it owns, feeding it footage and data it can use at will.

Filed Under: doorbell, halloween, police, ring, surveillance
Companies: amazon, ring


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Nov 2019 @ 11:41am

    Yeah, certain things Amazon does makes it a garbage company but unfortunately they are actually one of the better ones compared to their peers in other areas.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Nov 2019 @ 12:10pm

    They are the best security cameras around.

    Nothing to hide, nothing to fear.

    reply to this | link to this | view in chronology ]

  • icon
    Norahc (profile), 13 Nov 2019 @ 12:36pm

    So Ring is basically becoming the type of creepy stalker that doorbell cameras should be used to protect you against.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Nov 2019 @ 12:43pm

    As it has on other occasions, like Super Bexowl Sunday, Ring turned Halloween into a marketing opportunity. As reported by Mashable, Ring circulated videos of children on Halloween on Twitter. Ring also promoted Halloween-themed skins to decorate doorbell cameras on its company blogs and Instagram. However, in promoting itself as a family-friendly company, Ring showed that it collects user data on a granular level.

    IANAL but it seems an argument could be made that by posting the vids to Twitter they ran afoul of COPPA.

    reply to this | link to this | view in chronology ]

  • icon
    btr1701 (profile), 13 Nov 2019 @ 1:09pm

    Kidnap Victim Rescued, Suspect Arrested

    For all the hand-ringing on this site over police using footage from these Ring doorbell cameras-- which, let's be clear, is completely VOLUNTARY on the part of the homeowner-- it might be nice to balance it out with a story like this, where a woman's violent attack and abduction was captured on a Ring camera and police were able to locate and rescue her after being given the footage by the resident.

    https://ktla.com/2019/09/30/man-arrested-on-suspicion-of-assault-kidnapping-after-violent- incident-caught-on-camera-in-arcadia/

    According to the prevailing attitude of the authors and commenters here, the homeowner should have withheld that footage as a principled fuck-you to the cops and just let fate take its course with the woman who was kidnapped.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Nov 2019 @ 1:22pm

      Re: Kidnap Victim Rescued, Suspect Arrested

      What it won't be letting you know is that it will part with your footage at the drop of a subpoena.

      That is not a voluntary arrangement.

      The next bit of creep, if it has not already happened, is the cops getting a live feed from a camera to keep your neighbour under surveillance.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Nov 2019 @ 1:46pm

      Re: Kidnap Victim Rescued, Suspect Arrested

      Do you have a vested interest in this?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 13 Nov 2019 @ 3:29pm

        Re: Re: Cop holsters badge bunny

        Ol’ brt is a cop sucker of the first order. He never met a cop who’s ass he couldn’t wait to kiss.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 Nov 2019 @ 5:00pm

          It is possible to respect someone and their ideals, even if you strongly disagree with them.

          I know, it is hard to believe, but it is true.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 13 Nov 2019 @ 5:24pm

            Re:

            Respect is earned bro. So is derision.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 13 Nov 2019 @ 10:59pm

              Re: Re:

              A fellow human being is deserving of respect.

              Treat others how you wish others to treat you.

              reply to this | link to this | view in chronology ]

              • icon
                Tanner Andrews (profile), 15 Nov 2019 @ 5:02am

                Re: Re: Re:

                A fellow human being is deserving of respect.

                Agreed, but you did not identify which fellow human being it was, or reasons for this unexpressed view.

                reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 15 Nov 2019 @ 7:41am

                Re: Re: Re:

                "A fellow human being is deserving of respect."

                What has this fellow human being done in order to earn your respect?

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 15 Nov 2019 @ 7:55am

                  Re: Re: Re: Re:

                  They were born human. I don't care what color, sex or gender, they are human.

                  Treat me with zero respect and I will respect that and return same.

                  reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 15 Nov 2019 @ 10:25am

                    Re: Re: Re: Re: Re:

                    "They were born human. I don't care what color, sex or gender, they are human."

                    • That has nothing to do with the word respect and it has nothing to do with the fact that respect is earned, not demanded. Anyone demanding respect will not get it, what they get is adherence to demands with the added possibility of passive aggressive behavior.

                    "Treat me with zero respect and I will respect that and return same."

                    • Fair enough ... I'm curious, what do you consider to be "treated with zero respect"? Please provide an example.

                    Your stated response to provocation is understandable, what might that provocation look like? If I ignore you, you will just ignore me ... or is there more to it? Will I get a beatdown for not listening to you?

                    reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 15 Nov 2019 @ 11:32pm

                    Re: Re: Re: Re: Re:

                    Did I discuss anything relating to those factors?

                    No?

                    STFU then.

                    Did I say he earned his derision?

                    Yes

                    Ok STFU THEN

                    reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 14 Nov 2019 @ 2:07am

              Re: Re:

              How do you get employment when you meet people and show them zero respect?

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 14 Nov 2019 @ 5:39am

                Re: Re: Re:

                I suggest that there is a big difference between "respect" and "regard", many people misuse the word respect intentionally while most simply do not know its meaning.
                Meanwhile, there are some who demand respect when what they really desire is adulation.
                Employment interviews are not necessarily the best example of people being honest. I think that honesty and trust are prerequisites for respect.

                reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 14 Nov 2019 @ 11:00am

                Re: Re: Re:

                You seem very confused on how the world works bro.

                reply to this | link to this | view in chronology ]

      • icon
        btr1701 (profile), 13 Nov 2019 @ 4:04pm

        Re: Re: Kidnap Victim Rescued, Suspect Arrested

        LOL! Pointing out a case in which a young woman's life was saved by the very thing y'all decry suddenly means I have a vested in doorbell cameras, huh?

        You're a cartoon.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 Nov 2019 @ 4:13pm

          Re:

          Not as such. But watching you bend over forewords to “accomodate” the police state makes you a Brownshirt collaborator at best. And speaking of cartoons your profile pic is at least an accurate descriptor of what kind banal type of evil you are bro.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 Nov 2019 @ 4:29pm

          Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested

          That's great that someone was saved, however - I still will not be attaching that security nightmare to my lan.

          Call me anything but late for supper

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 Nov 2019 @ 7:48pm

          Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested

          It could have been any camera, but it wasn't - it was Ring, therefore Ring is OK? Not a valid argument for Ring, nor any sort of "viewpoint balancing".

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Nov 2019 @ 5:45am

          Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested

          Is there a "it worked once" fallacy?

          reply to this | link to this | view in chronology ]

  • icon
    btr1701 (profile), 13 Nov 2019 @ 1:15pm

    Breaking down "sharing" barriers is the first step toward bypassing the warrant process.

    Private citizens voluntarily sharing evidence they have with the police is NOT "bypassing the warrant process". Consent has ALWAYS been a recognized EXCEPTION to the warrant requirement since the founding days of the republic.

    Cushing has said this before and he was corrected then as well. One can only assume he has no interest in being accurate with regard to this topic.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Nov 2019 @ 2:18pm

      Re:

      How nice of my across-the-street neighbors to give "consent" to unceasing surveilance of my comings and goings, which you claim is an exception to the warrant requirement for 24x7 surveilance required by US. vs Moore-Bush (2019).

      But you know those pesky Supreme Court decisions upholding fundamental constitutional rights. Those are always less important than unimpeded government surveilance.

      reply to this | link to this | view in chronology ]

      • icon
        btr1701 (profile), 13 Nov 2019 @ 4:02pm

        Re: Re:

        How nice of my across-the-street neighbors to give "consent" to unceasing surveilance of my comings and goings

        You have no reasonable expectation of privacy in what you do in full view of the public.

        which you claim is an exception to the warrant requirement

        I'm not the only one who claims it. Every court since 1778 has claimed it.

        required by US. vs Moore-Bush (2019).

        That requirement only applies to government, not your neighbor. And it doesn't suddenly apply because your neighbor decides to share footage of a crime with the cops.

        But you know those pesky Supreme Court decisions upholding fundamental constitutional rights.

        Unless the surveillance was conducted by or at the direction of the government, your pesky Supreme Court decision is inapplicable here.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 14 Nov 2019 @ 7:27am

          Re: Re: Re:

          You have no reasonable expectation of privacy in what you do in full view of the public.

          What's your address again? I have a privately-owned camera to point at the front of your house that does ALPR and face recognition and livestreams everything to the web and keeps a permanent timestamped log.

          And the "pesky" decision(s) said nothing about, or placed no limits on construction or direction, but the use by the government. Do you even read, bro?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 14 Nov 2019 @ 7:45am

            Re: Re: Re: Re:

            Soon, the doorbell spy cams will be able to detect the aroma of pot
            /s (of course)

            reply to this | link to this | view in chronology ]

          • icon
            btr1701 (profile), 14 Nov 2019 @ 11:50am

            Re: Re: Re: Re:

            What's your address again?

            1) I've never given you my address before, so I'm not sure why you're asking for it again.

            2) The fact that I have no expectation of privacy in the public exterior of my home does not obligate me to publish its location to help someone play malicious games with me.

            And the "pesky" decision(s) said nothing about, or placed no limits on construction or direction, but the use by the government.

            It prohibits the government from using the entirety of the aggregated data to construct an intrusive record of someone's daily life over time. It does NOT prohibit a private citizen from doing the same with a home surveillance camera. And the citizen giving the cops one snippet of that data to help solve a specific crime does not mean the cops are using that entire database to construct an intrusive record of the porch-pirate's (or rapist's or burglar's) daily life which therefore makes your pesky Supreme Court decision inapplicable.

            Do you even read, bro?

            Apparently much better than you do, Beto.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 14 Nov 2019 @ 1:18pm

              Re: Re: Re: Re: Re:

              > What's your address again?

              1) I've never given you my address before, so I'm not sure why you're asking for it again.

              2) The fact that I have no expectation of privacy in the public exterior of my home does not obligate me to publish its location to help someone play malicious games with me.

              Ah, just what i figured -- another chickenhawk. "Tyranny for thee, but liberty for me."

              reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 13 Nov 2019 @ 2:31pm

      Re:

      Private citizens voluntarily sharing evidence they have with the police is NOT "bypassing the warrant process". Consent has ALWAYS been a recognized EXCEPTION to the warrant requirement since the founding days of the republic.

      Cushing has said this before and he was corrected then as well. One can only assume he has no interest in being accurate with regard to this topic.

      The issue is not what owners share with law enforcement with their consent. The issue is what gets shared with them without the owners consent, or by the consent of a third party such as Ring.

      Honestly this would not be much of an issue if
      A) cops would just get a search warrant every time, and
      B) Ring would would not be doing everything they could to assist them in bypassing getting a search warrant.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Nov 2019 @ 2:44pm

    Freely sharing video evidence with the police, not the police just taking it from a camera you may happen to have are 2 different things.

    I have 5MP PoE cameras around my house. They are out in the open and can easily be seen. Its main purpose is a deterrent. A person sees 1 or more of my cameras and thinks, maybe I should go onto the property to steal that package or break-in. Leave and find a safer target. In the process, all my neighbors around me are gettered better protected. I'm on an inside corner and so can see a bunch of houses. In the short time of having them, I already gave the police a clip of a hit and run on a neighbor's pretty new Truck. Which was parked across the street on my side of the road in front of the neighbor's house next to me. I have audio also and so you can HEAR it as the Truck is hit. It was pretty lough for th Mic to pick it up from that far away.

    The police have NO direct access to my cameras and never will. It also costs me ZERO per month. I can see my cameras anywhere with internet access. So right on my phone. I knew Amazon buying RING was a bad thing. I thought Spying form Amazon was bad enough, but direct spying from the police? No thanks. Let alone PAYING for that honor every month for the cloud storage you need. Cloud storage that is always eating up some of your Internet Data CAP. Data that is being saved in the cloud. That means, cut your COAX cable, you now have no Internet service, and your Cloud Based camera there isn't recording anything. It's worthless!!!

    I'll stick with my $10 wireless Doorbell. I've been using it for the last 7 years?!?! I can't remember the last time I replaced the batteries. It's good enough. While I can't speak to a person with my cameras, I can hear them.

    I have 1 CHEAPO Cloud-based Camera. It's a WYZE camera that I have mounted inside my Garage. Mainly to make sure the door is closed as my Dad who lives with me is known to leave the garage door open when he takes off. My garage door will warn me if it's left open for longer than 5 and 10 minutes. So I can look and see if he's working inside the garage or his Truck is gone. If so, I can close it remotely. While it saves motion clips in the cloud, which is 100% FREE. I think like 15 seconds in length. It does save locally on that device with a MicroSD card. It's a cheap, perfect camera for the job it's doing.

    Don't get stuck in these forever paying plans for as long as you're using their cameras. PoE cameras, it's just an ethernet cable to run. It gets it's power from it also which is why it's PoE (Power over Ethernet). You can buy a bulk role of the cable and make the length you need pretty easily. You'll have a better picture as it's digital and not analog. I'm using an NVR (Network Video Recorder) that I have mounted up high in a lock box. With Analog Cameras, it's a duel cable. One for Video and one for Power. You can't really cut the cables, just bundle up. You use a DVR (Digital Video Recorder). You can use PoE cameras with a NAS and software running on it as an option also.

    I have 6 cameras currently. One is a Dome that that PTZ. So I can move it all around. I have it mounted on the corner of my house and so I can turn it to see my front door and porch and turn it all the way around to see down the side of my house. That is the normal direction I have it pointed. I can even control it on my phone.

    A lot of times the Ring Doorbell is in sleep mode, especially if it's running on its battery. By the time it wakes up, you may only see the back of the person. The same goes for these completely wireless cameras. They wake up when seeing movement, but that takes a few seconds. By then they are recording the back of the person as they're walking or running away. With a stick, can be easily knocked down onto the ground. You have to charge them up every few months. That means up and down a ladder and re-aiming them every time.

    Things to think about!!! If you're a renter, then you may be limited on what you can do. If you own your own home, installing a camera system yourself really isn't all that hard. I liked to just connect up a long ethernet cable from teh NVR to the camera and then hold up the camera where I think would be best and look on my iPad at the picture in real-time and see if that's the best view/location. Once I have the right spot, mark it and then do my drilling and running the ethernet cable the right way. I didn't need to do it for all my my camera locations, but a few of them. I also make sure they overlap each other. That way one camera would be recording a person tampering with another camera. If a person could just walk up behind a camera and then do whatever, that's not good. I still have plans to mount 2 more cameras. My NVR supports 8. In the future as all my cables have been ran, I could easily upgrade to 4K Cameras in the future. 2MP are 1080P cameras, 8MP cameras are 4K. I'm in the middle with 5MP cameras. The higher the MP means better the resolution, which means better detail when you go ZOOMING into the video or picture.

    A blurry image is a worthless image!!! The last thing they don't tell you is having to clean them!!! Dome Cameras are the hardest, but you get spiders that string their webs around, or across the lens. It may not be touching it, but that close, you see this thing wiggling right in front of your lens block a big part of your view and can be quite annoying. Also notice at times that the IR lights that allow them to see in the dark, it does attract bugs that are attracted to light and swarm around in front of the camera for a period of time. So once in a while, you have to clean off the camera, at least the lens area.

    reply to this | link to this | view in chronology ]

    • icon
      Norahc (profile), 13 Nov 2019 @ 3:36pm

      Re:

      Exactly. Why put your security in the hands of someone or something you have no control over, or that may not be there in the future.

      While Amazon isn't going away in the near future, it is still possible that they could pull a Google Nest like move and shut down your doorbell cameras.

      reply to this | link to this | view in chronology ]

      • icon
        Code Monkey (profile), 13 Nov 2019 @ 5:56pm

        Re: Re:

        ..or they could pull a Google and sell all that footage to some company who they "partner" with, you know, so they can "customize the user experience".

        Or allow would-be thieves a way to take inventory of your possessions and make a burglar's Christmas Wish List......

        reply to this | link to this | view in chronology ]

  • icon
    Code Monkey (profile), 13 Nov 2019 @ 4:54pm

    Creey AF, Amazon. Creepy AF

    15.8 million photos of kids. Wow, Ring doorbells must be a pedophile's wet dream!

    {ew}

    (´ཀ`」 ∠)

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.